Merge main into massive-terminal-upgrade

Resolves merge conflicts:
- apps/server/src/routes/terminal/common.ts: Keep randomBytes import, use @automaker/utils for createLogger
- apps/ui/eslint.config.mjs: Use main's explicit globals list with XMLHttpRequest and MediaQueryListEvent additions
- apps/ui/src/components/views/terminal-view.tsx: Keep our terminal improvements (killAllSessions, beforeunload, better error handling)
- apps/ui/src/config/terminal-themes.ts: Keep our search highlight colors for all themes
- apps/ui/src/store/app-store.ts: Keep our terminal settings persistence improvements (merge function)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

libs/platform/src/index.ts

@@ -0,0 +1,46 @@
+/**
+ * @automaker/platform
+ * Platform-specific utilities for AutoMaker
+ */
+
+// Path utilities
+export {
+  getAutomakerDir,
+  getFeaturesDir,
+  getFeatureDir,
+  getFeatureImagesDir,
+  getBoardDir,
+  getImagesDir,
+  getContextDir,
+  getWorktreesDir,
+  getAppSpecPath,
+  getBranchTrackingPath,
+  ensureAutomakerDir,
+  getGlobalSettingsPath,
+  getCredentialsPath,
+  getProjectSettingsPath,
+  ensureDataDir,
+} from './paths.js';
+
+// Subprocess management
+export {
+  spawnJSONLProcess,
+  spawnProcess,
+  type SubprocessOptions,
+  type SubprocessResult,
+} from './subprocess.js';
+
+// Security
+export {
+  PathNotAllowedError,
+  initAllowedPaths,
+  isPathAllowed,
+  validatePath,
+  isPathWithinDirectory,
+  getAllowedRootDirectory,
+  getDataDirectory,
+  getAllowedPaths,
+} from './security.js';
+
+// Secure file system (validates paths before I/O operations)
+export * as secureFs from './secure-fs.js';

libs/platform/src/paths.ts

@@ -0,0 +1,213 @@
+/**
+ * Automaker Paths - Utilities for managing automaker data storage
+ *
+ * Provides functions to construct paths for:
+ * - Project-level data stored in {projectPath}/.automaker/
+ * - Global user data stored in app userData directory
+ *
+ * All returned paths are absolute and ready to use with fs module.
+ * Directory creation is handled separately by ensure* functions.
+ */
+
+import * as secureFs from './secure-fs.js';
+import path from 'path';
+
+/**
+ * Get the automaker data directory root for a project
+ *
+ * All project-specific automaker data is stored under {projectPath}/.automaker/
+ * This directory is created when needed via ensureAutomakerDir().
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Absolute path to {projectPath}/.automaker
+ */
+export function getAutomakerDir(projectPath: string): string {
+  return path.join(projectPath, '.automaker');
+}
+
+/**
+ * Get the features directory for a project
+ *
+ * Contains subdirectories for each feature, keyed by featureId.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Absolute path to {projectPath}/.automaker/features
+ */
+export function getFeaturesDir(projectPath: string): string {
+  return path.join(getAutomakerDir(projectPath), 'features');
+}
+
+/**
+ * Get the directory for a specific feature
+ *
+ * Contains feature-specific data like generated code, tests, and logs.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @param featureId - Feature identifier
+ * @returns Absolute path to {projectPath}/.automaker/features/{featureId}
+ */
+export function getFeatureDir(projectPath: string, featureId: string): string {
+  return path.join(getFeaturesDir(projectPath), featureId);
+}
+
+/**
+ * Get the images directory for a feature
+ *
+ * Stores screenshots, diagrams, or other images related to the feature.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @param featureId - Feature identifier
+ * @returns Absolute path to {projectPath}/.automaker/features/{featureId}/images
+ */
+export function getFeatureImagesDir(projectPath: string, featureId: string): string {
+  return path.join(getFeatureDir(projectPath, featureId), 'images');
+}
+
+/**
+ * Get the board directory for a project
+ *
+ * Contains board-related data like background images and customization files.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Absolute path to {projectPath}/.automaker/board
+ */
+export function getBoardDir(projectPath: string): string {
+  return path.join(getAutomakerDir(projectPath), 'board');
+}
+
+/**
+ * Get the general images directory for a project
+ *
+ * Stores project-level images like background images or shared assets.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Absolute path to {projectPath}/.automaker/images
+ */
+export function getImagesDir(projectPath: string): string {
+  return path.join(getAutomakerDir(projectPath), 'images');
+}
+
+/**
+ * Get the context files directory for a project
+ *
+ * Stores user-uploaded context files for reference during generation.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Absolute path to {projectPath}/.automaker/context
+ */
+export function getContextDir(projectPath: string): string {
+  return path.join(getAutomakerDir(projectPath), 'context');
+}
+
+/**
+ * Get the worktrees metadata directory for a project
+ *
+ * Stores information about git worktrees associated with the project.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Absolute path to {projectPath}/.automaker/worktrees
+ */
+export function getWorktreesDir(projectPath: string): string {
+  return path.join(getAutomakerDir(projectPath), 'worktrees');
+}
+
+/**
+ * Get the app spec file path for a project
+ *
+ * Stores the application specification document used for generation.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Absolute path to {projectPath}/.automaker/app_spec.txt
+ */
+export function getAppSpecPath(projectPath: string): string {
+  return path.join(getAutomakerDir(projectPath), 'app_spec.txt');
+}
+
+/**
+ * Get the branch tracking file path for a project
+ *
+ * Stores JSON metadata about active git branches and worktrees.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Absolute path to {projectPath}/.automaker/active-branches.json
+ */
+export function getBranchTrackingPath(projectPath: string): string {
+  return path.join(getAutomakerDir(projectPath), 'active-branches.json');
+}
+
+/**
+ * Create the automaker directory structure for a project if it doesn't exist
+ *
+ * Creates {projectPath}/.automaker with all subdirectories recursively.
+ * Safe to call multiple times - uses recursive: true.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Promise resolving to the created automaker directory path
+ */
+export async function ensureAutomakerDir(projectPath: string): Promise<string> {
+  const automakerDir = getAutomakerDir(projectPath);
+  await secureFs.mkdir(automakerDir, { recursive: true });
+  return automakerDir;
+}
+
+// ============================================================================
+// Global Settings Paths (stored in DATA_DIR from app.getPath('userData'))
+// ============================================================================
+
+/**
+ * Get the global settings file path
+ *
+ * Stores user preferences, keyboard shortcuts, AI profiles, and project history.
+ * Located in the platform-specific userData directory.
+ *
+ * Default locations:
+ * - macOS: ~/Library/Application Support/automaker
+ * - Windows: %APPDATA%\automaker
+ * - Linux: ~/.config/automaker
+ *
+ * @param dataDir - User data directory (from app.getPath('userData'))
+ * @returns Absolute path to {dataDir}/settings.json
+ */
+export function getGlobalSettingsPath(dataDir: string): string {
+  return path.join(dataDir, 'settings.json');
+}
+
+/**
+ * Get the credentials file path
+ *
+ * Stores sensitive API keys separately from other settings for security.
+ * Located in the platform-specific userData directory.
+ *
+ * @param dataDir - User data directory (from app.getPath('userData'))
+ * @returns Absolute path to {dataDir}/credentials.json
+ */
+export function getCredentialsPath(dataDir: string): string {
+  return path.join(dataDir, 'credentials.json');
+}
+
+/**
+ * Get the project settings file path
+ *
+ * Stores project-specific settings that override global settings.
+ * Located within the project's .automaker directory.
+ *
+ * @param projectPath - Absolute path to project directory
+ * @returns Absolute path to {projectPath}/.automaker/settings.json
+ */
+export function getProjectSettingsPath(projectPath: string): string {
+  return path.join(getAutomakerDir(projectPath), 'settings.json');
+}
+
+/**
+ * Create the global data directory if it doesn't exist
+ *
+ * Creates the userData directory for storing global settings and credentials.
+ * Safe to call multiple times - uses recursive: true.
+ *
+ * @param dataDir - User data directory path to create
+ * @returns Promise resolving to the created data directory path
+ */
+export async function ensureDataDir(dataDir: string): Promise<string> {
+  await secureFs.mkdir(dataDir, { recursive: true });
+  return dataDir;
+}

libs/platform/src/secure-fs.ts

@@ -0,0 +1,161 @@
+/**
+ * Secure File System Adapter
+ *
+ * All file I/O operations must go through this adapter to enforce
+ * ALLOWED_ROOT_DIRECTORY restrictions at the actual access point,
+ * not just at the API layer. This provides defense-in-depth security.
+ */
+
+import fs from 'fs/promises';
+import type { Dirent } from 'fs';
+import path from 'path';
+import { validatePath } from './security.js';
+
+/**
+ * Wrapper around fs.access that validates path first
+ */
+export async function access(filePath: string, mode?: number): Promise<void> {
+  const validatedPath = validatePath(filePath);
+  return fs.access(validatedPath, mode);
+}
+
+/**
+ * Wrapper around fs.readFile that validates path first
+ */
+export async function readFile(
+  filePath: string,
+  encoding?: BufferEncoding
+): Promise<string | Buffer> {
+  const validatedPath = validatePath(filePath);
+  if (encoding) {
+    return fs.readFile(validatedPath, encoding);
+  }
+  return fs.readFile(validatedPath);
+}
+
+/**
+ * Wrapper around fs.writeFile that validates path first
+ */
+export async function writeFile(
+  filePath: string,
+  data: string | Buffer,
+  encoding?: BufferEncoding
+): Promise<void> {
+  const validatedPath = validatePath(filePath);
+  return fs.writeFile(validatedPath, data, encoding);
+}
+
+/**
+ * Wrapper around fs.mkdir that validates path first
+ */
+export async function mkdir(
+  dirPath: string,
+  options?: { recursive?: boolean; mode?: number }
+): Promise<string | undefined> {
+  const validatedPath = validatePath(dirPath);
+  return fs.mkdir(validatedPath, options);
+}
+
+/**
+ * Wrapper around fs.readdir that validates path first
+ */
+export async function readdir(
+  dirPath: string,
+  options?: { withFileTypes?: false; encoding?: BufferEncoding }
+): Promise<string[]>;
+export async function readdir(
+  dirPath: string,
+  options: { withFileTypes: true; encoding?: BufferEncoding }
+): Promise<Dirent[]>;
+export async function readdir(
+  dirPath: string,
+  options?: { withFileTypes?: boolean; encoding?: BufferEncoding }
+): Promise<string[] | Dirent[]> {
+  const validatedPath = validatePath(dirPath);
+  if (options?.withFileTypes === true) {
+    return fs.readdir(validatedPath, { withFileTypes: true });
+  }
+  return fs.readdir(validatedPath);
+}
+
+/**
+ * Wrapper around fs.stat that validates path first
+ */
+export async function stat(filePath: string): Promise<any> {
+  const validatedPath = validatePath(filePath);
+  return fs.stat(validatedPath);
+}
+
+/**
+ * Wrapper around fs.rm that validates path first
+ */
+export async function rm(
+  filePath: string,
+  options?: { recursive?: boolean; force?: boolean }
+): Promise<void> {
+  const validatedPath = validatePath(filePath);
+  return fs.rm(validatedPath, options);
+}
+
+/**
+ * Wrapper around fs.unlink that validates path first
+ */
+export async function unlink(filePath: string): Promise<void> {
+  const validatedPath = validatePath(filePath);
+  return fs.unlink(validatedPath);
+}
+
+/**
+ * Wrapper around fs.copyFile that validates both paths first
+ */
+export async function copyFile(src: string, dest: string, mode?: number): Promise<void> {
+  const validatedSrc = validatePath(src);
+  const validatedDest = validatePath(dest);
+  return fs.copyFile(validatedSrc, validatedDest, mode);
+}
+
+/**
+ * Wrapper around fs.appendFile that validates path first
+ */
+export async function appendFile(
+  filePath: string,
+  data: string | Buffer,
+  encoding?: BufferEncoding
+): Promise<void> {
+  const validatedPath = validatePath(filePath);
+  return fs.appendFile(validatedPath, data, encoding);
+}
+
+/**
+ * Wrapper around fs.rename that validates both paths first
+ */
+export async function rename(oldPath: string, newPath: string): Promise<void> {
+  const validatedOldPath = validatePath(oldPath);
+  const validatedNewPath = validatePath(newPath);
+  return fs.rename(validatedOldPath, validatedNewPath);
+}
+
+/**
+ * Wrapper around fs.lstat that validates path first
+ * Returns file stats without following symbolic links
+ */
+export async function lstat(filePath: string): Promise<any> {
+  const validatedPath = validatePath(filePath);
+  return fs.lstat(validatedPath);
+}
+
+/**
+ * Wrapper around path.join that returns resolved path
+ * Does NOT validate - use this for path construction, then pass to other operations
+ */
+export function joinPath(...pathSegments: string[]): string {
+  return path.join(...pathSegments);
+}
+
+/**
+ * Wrapper around path.resolve that returns resolved path
+ * Does NOT validate - use this for path construction, then pass to other operations
+ */
+export function resolvePath(...pathSegments: string[]): string {
+  return path.resolve(...pathSegments);
+}

libs/platform/src/security.ts

@@ -0,0 +1,131 @@
+/**
+ * Security utilities for path validation
+ * Enforces ALLOWED_ROOT_DIRECTORY constraint with appData exception
+ */
+
+import path from 'path';
+
+/**
+ * Error thrown when a path is not allowed by security policy
+ */
+export class PathNotAllowedError extends Error {
+  constructor(filePath: string) {
+    super(`Path not allowed: ${filePath}. Must be within ALLOWED_ROOT_DIRECTORY or DATA_DIR.`);
+    this.name = 'PathNotAllowedError';
+  }
+}
+
+// Allowed root directory - main security boundary
+let allowedRootDirectory: string | null = null;
+
+// Data directory - always allowed for settings/credentials
+let dataDirectory: string | null = null;
+
+/**
+ * Initialize security settings from environment variables
+ * - ALLOWED_ROOT_DIRECTORY: main security boundary
+ * - DATA_DIR: appData exception, always allowed
+ */
+export function initAllowedPaths(): void {
+  // Load ALLOWED_ROOT_DIRECTORY
+  const rootDir = process.env.ALLOWED_ROOT_DIRECTORY;
+  if (rootDir) {
+    allowedRootDirectory = path.resolve(rootDir);
+    console.log(`[Security] ✓ ALLOWED_ROOT_DIRECTORY configured: ${allowedRootDirectory}`);
+  } else {
+    console.log('[Security] ⚠️  ALLOWED_ROOT_DIRECTORY not set - allowing access to all paths');
+  }
+
+  // Load DATA_DIR (appData exception - always allowed)
+  const dataDir = process.env.DATA_DIR;
+  if (dataDir) {
+    dataDirectory = path.resolve(dataDir);
+    console.log(`[Security] ✓ DATA_DIR configured: ${dataDirectory}`);
+  }
+}
+
+/**
+ * Check if a path is allowed based on ALLOWED_ROOT_DIRECTORY
+ * Returns true if:
+ * - Path is within ALLOWED_ROOT_DIRECTORY, OR
+ * - Path is within DATA_DIR (appData exception), OR
+ * - No restrictions are configured (backward compatibility)
+ */
+export function isPathAllowed(filePath: string): boolean {
+  const resolvedPath = path.resolve(filePath);
+
+  // Always allow appData directory (settings, credentials)
+  if (dataDirectory && isPathWithinDirectory(resolvedPath, dataDirectory)) {
+    return true;
+  }
+
+  // If no ALLOWED_ROOT_DIRECTORY restriction is configured, allow all paths
+  // Note: DATA_DIR is checked above as an exception, but doesn't restrict other paths
+  if (!allowedRootDirectory) {
+    return true;
+  }
+
+  // Allow if within ALLOWED_ROOT_DIRECTORY
+  if (allowedRootDirectory && isPathWithinDirectory(resolvedPath, allowedRootDirectory)) {
+    return true;
+  }
+
+  // If restrictions are configured but path doesn't match, deny
+  return false;
+}
+
+/**
+ * Validate a path - resolves it and checks permissions
+ * Throws PathNotAllowedError if path is not allowed
+ */
+export function validatePath(filePath: string): string {
+  const resolvedPath = path.resolve(filePath);
+
+  if (!isPathAllowed(resolvedPath)) {
+    throw new PathNotAllowedError(filePath);
+  }
+
+  return resolvedPath;
+}
+
+/**
+ * Check if a path is within a directory, with protection against path traversal
+ * Returns true only if resolvedPath is within directoryPath
+ */
+export function isPathWithinDirectory(resolvedPath: string, directoryPath: string): boolean {
+  // Get the relative path from directory to the target
+  const relativePath = path.relative(directoryPath, resolvedPath);
+
+  // If relative path starts with "..", it's outside the directory
+  // If relative path is absolute, it's outside the directory
+  // If relative path is empty or ".", it's the directory itself
+  return !relativePath.startsWith('..') && !path.isAbsolute(relativePath);
+}
+
+/**
+ * Get the configured allowed root directory
+ */
+export function getAllowedRootDirectory(): string | null {
+  return allowedRootDirectory;
+}
+
+/**
+ * Get the configured data directory
+ */
+export function getDataDirectory(): string | null {
+  return dataDirectory;
+}
+
+/**
+ * Get list of allowed paths (for debugging)
+ */
+export function getAllowedPaths(): string[] {
+  const paths: string[] = [];
+  if (allowedRootDirectory) {
+    paths.push(allowedRootDirectory);
+  }
+  if (dataDirectory) {
+    paths.push(dataDirectory);
+  }
+  return paths;
+}

libs/platform/src/subprocess.ts

@@ -0,0 +1,197 @@
+/**
+ * Subprocess management utilities for CLI providers
+ */
+
+import { spawn, type ChildProcess } from 'child_process';
+import readline from 'readline';
+
+export interface SubprocessOptions {
+  command: string;
+  args: string[];
+  cwd: string;
+  env?: Record<string, string>;
+  abortController?: AbortController;
+  timeout?: number; // Milliseconds of no output before timeout
+}
+
+export interface SubprocessResult {
+  stdout: string;
+  stderr: string;
+  exitCode: number | null;
+}
+
+/**
+ * Spawns a subprocess and streams JSONL output line-by-line
+ */
+export async function* spawnJSONLProcess(options: SubprocessOptions): AsyncGenerator<unknown> {
+  const { command, args, cwd, env, abortController, timeout = 30000 } = options;
+
+  const processEnv = {
+    ...process.env,
+    ...env,
+  };
+
+  console.log(`[SubprocessManager] Spawning: ${command} ${args.slice(0, -1).join(' ')}`);
+  console.log(`[SubprocessManager] Working directory: ${cwd}`);
+
+  const childProcess: ChildProcess = spawn(command, args, {
+    cwd,
+    env: processEnv,
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+
+  let stderrOutput = '';
+  let lastOutputTime = Date.now();
+  let timeoutHandle: NodeJS.Timeout | null = null;
+
+  // Collect stderr for error reporting
+  if (childProcess.stderr) {
+    childProcess.stderr.on('data', (data: Buffer) => {
+      const text = data.toString();
+      stderrOutput += text;
+      console.error(`[SubprocessManager] stderr: ${text}`);
+    });
+  }
+
+  // Setup timeout detection
+  const resetTimeout = () => {
+    lastOutputTime = Date.now();
+    if (timeoutHandle) {
+      clearTimeout(timeoutHandle);
+    }
+    timeoutHandle = setTimeout(() => {
+      const elapsed = Date.now() - lastOutputTime;
+      if (elapsed >= timeout) {
+        console.error(`[SubprocessManager] Process timeout: no output for ${timeout}ms`);
+        childProcess.kill('SIGTERM');
+      }
+    }, timeout);
+  };
+
+  resetTimeout();
+
+  // Setup abort handling
+  if (abortController) {
+    abortController.signal.addEventListener('abort', () => {
+      console.log('[SubprocessManager] Abort signal received, killing process');
+      if (timeoutHandle) {
+        clearTimeout(timeoutHandle);
+      }
+      childProcess.kill('SIGTERM');
+    });
+  }
+
+  // Parse stdout as JSONL (one JSON object per line)
+  if (childProcess.stdout) {
+    const rl = readline.createInterface({
+      input: childProcess.stdout,
+      crlfDelay: Infinity,
+    });
+
+    try {
+      for await (const line of rl) {
+        resetTimeout();
+
+        if (!line.trim()) continue;
+
+        try {
+          const parsed = JSON.parse(line);
+          yield parsed;
+        } catch (parseError) {
+          console.error(`[SubprocessManager] Failed to parse JSONL line: ${line}`, parseError);
+          // Yield error but continue processing
+          yield {
+            type: 'error',
+            error: `Failed to parse output: ${line}`,
+          };
+        }
+      }
+    } catch (error) {
+      console.error('[SubprocessManager] Error reading stdout:', error);
+      throw error;
+    } finally {
+      if (timeoutHandle) {
+        clearTimeout(timeoutHandle);
+      }
+    }
+  }
+
+  // Wait for process to exit
+  const exitCode = await new Promise<number | null>((resolve) => {
+    childProcess.on('exit', (code) => {
+      console.log(`[SubprocessManager] Process exited with code: ${code}`);
+      resolve(code);
+    });
+
+    childProcess.on('error', (error) => {
+      console.error('[SubprocessManager] Process error:', error);
+      resolve(null);
+    });
+  });
+
+  // Handle non-zero exit codes
+  if (exitCode !== 0 && exitCode !== null) {
+    const errorMessage = stderrOutput || `Process exited with code ${exitCode}`;
+    console.error(`[SubprocessManager] Process failed: ${errorMessage}`);
+    yield {
+      type: 'error',
+      error: errorMessage,
+    };
+  }
+
+  // Process completed successfully
+  if (exitCode === 0 && !stderrOutput) {
+    console.log('[SubprocessManager] Process completed successfully');
+  }
+}
+
+/**
+ * Spawns a subprocess and collects all output
+ */
+export async function spawnProcess(options: SubprocessOptions): Promise<SubprocessResult> {
+  const { command, args, cwd, env, abortController } = options;
+
+  const processEnv = {
+    ...process.env,
+    ...env,
+  };
+
+  return new Promise((resolve, reject) => {
+    const childProcess = spawn(command, args, {
+      cwd,
+      env: processEnv,
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+
+    let stdout = '';
+    let stderr = '';
+
+    if (childProcess.stdout) {
+      childProcess.stdout.on('data', (data: Buffer) => {
+        stdout += data.toString();
+      });
+    }
+
+    if (childProcess.stderr) {
+      childProcess.stderr.on('data', (data: Buffer) => {
+        stderr += data.toString();
+      });
+    }
+
+    // Setup abort handling
+    if (abortController) {
+      abortController.signal.addEventListener('abort', () => {
+        childProcess.kill('SIGTERM');
+        reject(new Error('Process aborted'));
+      });
+    }
+
+    childProcess.on('exit', (code) => {
+      resolve({ stdout, stderr, exitCode: code });
+    });
+
+    childProcess.on('error', (error) => {
+      reject(error);
+    });
+  });
+}